{"id":"RUSTSEC-2020-0039","summary":"`index()` allows out-of-bound read and `remove()` has off-by-one error","details":"`Slab::index()` does not perform the boundary checking, which leads to out-of-bound read access. `Slab::remove()` copies an element from an invalid address due to off-by-one error, resulting in memory leakage and uninitialized memory drop.","aliases":["CVE-2020-35892","CVE-2020-35893","GHSA-438g-fx34-4h9m","GHSA-hqc8-j86x-2764"],"modified":"2023-11-08T04:03:37.869412Z","published":"2020-09-03T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/simple-slab"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0039.html"},{"type":"REPORT","url":"https://github.com/nathansizemore/simple-slab/issues/2"}],"affected":[{"package":{"name":"simple-slab","ecosystem":"crates.io","purl":"pkg:cargo/simple-slab"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.3.3"}]}],"ecosystem_specific":{"affects":{"os":[],"arch":[],"functions":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0039.json","categories":[],"informational":null,"cvss":null}}],"schema_version":"1.7.3"}